Best way to allow another network access to a server.



  • What would be the best way to give House 2 network access to just the Surveillance and File Servers on the House 1 network as shown in the diagram? Just access to the servers, nothing else, using existing Ubiquiti PNP hardware.

    Thanks,
    Bill


  • Rebel Alliance Global Moderator

    VPN between house 1 and house 2..

    If you only want to access specific stuff you could limit via firewall rules what can flow across the VPN connection.  If it's really traffic initiated from one side, i.e. house 2 accessing stuff in house 1 network(s), then a simple road warrior VPN connection, where house 2 is the client to a server running on house 1, would be a simple solution.  You don't really need to set up a full site-to-site in that case.  And in such a case, even if house 2 was running the same local network as house 1, you could set up a NAT to overcome that, etc.

    I assume the routers you're listing in the drawing connected to the ISP are pfSense.



  • This will be using an existing Ubiquiti PTP, no shared WAN connection. Cannot go through the WAN, live in the sticks, 6 meg connection. I have existing surveillance cameras on House 2 by PTP. Two routers, two WANs. Shared VLAN? 1:1 NAT? Basically put a cable between the two HP switches…


  • Rebel Alliance Global Moderator

    Huh??  Who said anything about a shared wan connect??

    I access all the resources from work location to my home network all the time, pretty much every day.  Think of my work as house 2..  As long as both sides have access to the internet then you can create a vpn..

    So you want to create a connection between the networks over a Ubiquiti PTP??  Yeah, that works too.. you don't have to encrypt the traffic that way I guess.  Now it's just simple routing, which you can still firewall.  I must have missed the PNP comment in your OP - sorry..

    Doesn't seem cost effective if both places already have a connection to the internet, which you clearly list in your drawing..  While the UniFi stuff is not all that expensive.. why would you spend the money to do that if you already have an internet connection?  Unless you need more speed than the internet connection gets you??



  • Exactly, both places have 6 meg internet. PTP already exists.  So I can set up a VPN between the two routers with a "hard wire", i.e. PTP?

    I guess I didn't make it clear; basically I want to direct link the two networks and set up routing from house 2 to the two servers on the house 1 network.  Picture a wire between the two switches. What would be the best way to do this?


  • Rebel Alliance Global Moderator

    You don't really need a VPN unless you're worried about someone sniffing the traffic over the PTP..

    Just connect your p2p network as a transit network between your houses..

    Let's say you're using a transit network of 172.168.0.0/30 with pfSense H1 having .1 and H2 having .2

    Just create a gateway on pfSense pointing to the network on the other side, 192.168.X, on each pfSense..  Create any firewall rules you want on the interface you connect your p2p on pfSense.




  • That was what I was looking for, I'd never done this before. Thanks.


  • Rebel Alliance Global Moderator

    When you create the gateway make sure you're not using it as default.  And then you would create your route via that gateway in your static route section.  You also want to make sure pfSense is not natting the connections out these gateways you create..

    So does your pfSense have other interfaces you could use, or are you going to have to do this over a VLAN to the pfSense LAN interface?

    Pretty slick to be honest.  So how far away are these houses?  And how fast is the connection?  Once you have this sort of connection set up you could even leverage this PTP so that if internet went down at house 1 it could leverage house 2 internet ;)

    What specific UniFi gear are you using - cost of it if you don't mind..  Curious minds and all ;) hehehehe



  • As a side note: make sure that the local networks of building #1 and #2 differ, otherwise routing between them is a problem.
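
Added example (not part of the thread and not pfSense's own code): a small Python model of the plan described in the posts above, checking that the subnets do not overlap and that first-match rules on House 1's PTP interface let House 2 reach only the two servers. The LAN ranges, server addresses and ports are constructed assumptions; only the 172.168.0.0/30 transit range comes from the thread, and the check flags that it lies outside the private 172.16.0.0/12 block.

```python
import ipaddress as ip

# Constructed plan: LAN ranges, server addresses and ports are assumptions.
H1_LAN = ip.ip_network("192.168.1.0/24")
H2_LAN = ip.ip_network("192.168.2.0/24")
TRANSIT = ip.ip_network("172.168.0.0/30")  # from the thread: H1 = .1, H2 = .2
SURVEILLANCE = ip.ip_network("192.168.1.10/32")
FILESERVER = ip.ip_network("192.168.1.20/32")
ANY = ip.ip_network("0.0.0.0/0")
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Rules on House 1's PTP interface: (action, source, destination, proto, port).
# Evaluated top-down, first match wins; None matches any protocol or port.
RULES = [
    ("pass", H2_LAN, SURVEILLANCE, "tcp", 443),
    ("pass", H2_LAN, FILESERVER, "tcp", 445),
    ("block", ANY, ANY, None, None),
]


def plan_problems():
    """Return addressing problems: overlapping subnets or non-private ranges."""
    nets = {"H1_LAN": H1_LAN, "H2_LAN": H2_LAN, "TRANSIT": TRANSIT}
    names = list(nets)
    problems = [f"{a} overlaps {b}" for i, a in enumerate(names)
                for b in names[i + 1:] if nets[a].overlaps(nets[b])]
    problems += [f"{n} {net} is not RFC 1918 space" for n, net in nets.items()
                 if not any(net.subnet_of(r) for r in RFC1918)]
    return problems


def decide(src, dst, proto, port):
    """Return the action of the first matching rule, or block if none match."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, s_net, d_net, r_proto, r_port in RULES:
        if (src in s_net and dst in d_net
                and r_proto in (None, proto) and r_port in (None, port)):
            return action
    return "block"


if __name__ == "__main__":
    print(plan_problems())
    print(decide("192.168.2.50", "192.168.1.10", "tcp", 443))  # House 2 PC to camera server
    print(decide("192.168.2.50", "192.168.1.30", "tcp", 445))  # some other House 1 host
    print(decide("172.168.0.2", "192.168.1.20", "tcp", 445))   # source NATed to H2's PTP address
```

The last case shows why outbound NAT on the PTP gateway matters: once House 2 traffic is translated to the transit address, rules written against the House 2 LAN no longer match it.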



  • What would be the best way to give House 2 network access to just the Surveillance and File Servers on the House 1 network as shown in diagram?

    This depends on some more information from you.
    WAN speed?
    Router or firewall VPN capabilities?
    Distance between the houses and other buildings in that region?

    Normally I would say there are also some ways you could try:

    • VPN if the houses are not neighbours or on neighbouring ground
    • But if so, you could try setting up a fibre-optic cable from one network to the other
    • Encrypted WLAN, and on the side with the servers a VLAN with both of them inside

    Just access to the servers, nothing else,

    Give them access only to a VLAN that both devices are placed in,
    and work with switch ACLs and/or firewall rules as far as you are able to.

    using existing Ubiquiti PNP hardware.

    Would you please be so kind as to tell us first what UBNT hardware you own and what else this
    hardware has to do? Or in short, what UBNT hardware is in use?

    Basically put a cable between the two HP Switches…

    But then please use a fibre cable because of the electrical grounding, so that the potential equalization
    between these houses is not broken.

    That was what I was looking for, I'd never done this before. Thanks.

    And how much space is there between these houses? Line of sight or not?
    Ubiquiti NanoBeam M5 NBE-M5-16 - 2 -device-pack or
    Ubiquiti NanoBeam M5 NBE-M5-16 - 2 -device-pack

    On each side a VLAN with only the PtP devices, and on the side with the servers one more
    VLAN for those two devices. Contact allowed only for the VLANs where the two servers are inside.



  • @johnpoz:

    When you create the gateway make sure you're not using it as default.  And then you would create your route via that gateway in your static route section.  You also want to make sure pfSense is not natting the connections out these gateways you create..

    So does your pfSense have other interfaces you could use, or are you going to have to do this over a VLAN to the pfSense LAN interface?

    Pretty slick to be honest.  So how far away are these houses?  And how fast is the connection?  Once you have this sort of connection set up you could even leverage this PTP so that if internet went down at house 1 it could leverage house 2 internet ;)

    What specific UniFi gear are you using - cost of it if you don't mind..  Curious minds and all ;) hehehehe

    Nanostation M5 with a Rocket M5/omni antenna. Parts are available on amazon.

    Here are views from the cameras. White house at Top of the "North" camera is House 2, the bottom right "South weather camera" is at House 2 looking back at House 1. http://crowderfarm.com/Web_Cams.php Built this setup so I can see the livestock from work. CMS is Blue Iris Software.

    I'm going to attempt linking the network this week, as I get time; I am sure I will have questions. Attachments show the bandwidth. I am planning on replacing the radios with a RocketAC (R5AC-LITE) and Ubiquiti Nanobeam NBE-5AC-16 for more bandwidth.

    Thanks,
    Bill






  • This average 13Mbps traffic consists of how many camera streams?



  • @jahonix:

    This average 13Mbps traffic consists of how many camera streams?

    2 currently, will be adding another which will result in approx 19Mbps consistently. This is usually controlled by the camera settings, I tend to set 1080p cameras to a constant bit rate of 6144/sec.



  • What's your viewing intention?
    Surveillance should be good with 2-3 Mbps at 1080p but depends on encoder quality. 10Mbps would be broadcast quality.
    Just returned from a stadium where we installed approx. 50 IP cameras for police surveillance. Gameday today so I was stand-by on site.



  • @jahonix:

    What's your viewing intention?
    Surveillance should be good with 2-3 Mbps at 1080p but depends on encoder quality. 10Mbps would be broadcast quality.
    Just returned from a stadium where we installed approx. 50 IP cameras for police surveillance. Gameday today so I was stand-by on site.

    I maintain a network of 50 times 50+ cameras; "regulations" control my bit-rate and frame rate and network, not allowed to give an actual number.  https://www.frenchlick.com/ At home, for clarity of image there is a huge difference between 3Mps and 6Mps. I understand your point, but storage is cheap. :)



  • @wcrowder:

    for clarity of image there is a huge difference between 3Mps and 6Mps.

    Absolutely.
    That's why I asked what you want to see.

    The resort looks nice.